Data Broker Discloses A Major Breach Of App User Data

A subsidiary of a leading US location data broker, Unacast, has informed the Norwegian national Data Protection Authority, Datatilsynet, that it has been breached in a severe incident.

According to reports, the hack might have resulted in the theft of precise location data for millions of smartphone users. 

The subsidiary, named Gravy Analytics, told Datatilsynet that a hacker accessed its Amazon Web Services (AWS) cloud storage environment. In its incident report, Datatilsynet says that the breach involved the theft of information from a Gravy Analytics web server using a "misappropriated" key.

While the breach report contains only a few details of the incident, hackers have claimed on a Russian cyber crime forum to have stolen a vast amount of data. “The unauthorised person obtained some files, but the contents of those files and whether they contain personal data remains under investigation,” the breach report says. If personal data was obtained it is “likely associated with users of third-party services that supply this data to Gravy Analytics,” Datatilsynet's report says.

The hacked data appears to have originated in thousands of apps that Gravy Analytics drew data from, including Tinder, Grindr, Candy Crush and several religious and pregnancy tracking apps. A preliminary investigation showed that some of the stolen files "could contain personal data."

Unacast also owns Venntel, a data broker that also provides the US government with location data. In December 2024 the Federal Trade Commission (FTC) ruled that Gravy Analytics and Venntel violated the FTC Act by unfairly selling non-anonymised consumer location data. The FTC also alleged the firms used that data without obtaining “verifiable user consent for commercial and government uses.”  

Gravy Analytics apparently continued to gather and use consumers’ location data even after realising they did not give “informed consent” for the collection, the FTC said.

The FTC order is notable because it sets new limits on law enforcement usage of the companies’ location data for investigative purposes. Law enforcement and intelligence agencies have acknowledged that they obtain data from brokers that historically would only have been available with a warrant. 

404Media | Datatilsynet | NRK | Record
